Add new report type for API Fuzzing

The new report type uses the Dast report parser
as the schema is shared between API Fuzzing and DAST.

* Update the backend code
* Update GraphQL schema
* Update related tests
* Add sample report to test assets

app/models/ci/job_artifact.rb

@@ -46,7 +46,8 @@ module Ci
       terraform: 'tfplan.json',
       cluster_applications: 'gl-cluster-applications.json',
       requirements: 'requirements.json',
-      coverage_fuzzing: 'gl-coverage-fuzzing.json'
+      coverage_fuzzing: 'gl-coverage-fuzzing.json',
+      api_fuzzing: 'gl-api-fuzzing-report.json'
     }.freeze
 
     INTERNAL_TYPES = {
@@ -82,11 +83,13 @@ module Ci
       load_performance: :raw,
       terraform: :raw,
       requirements: :raw,
-      coverage_fuzzing: :raw
+      coverage_fuzzing: :raw,
+      api_fuzzing: :raw
     }.freeze
 
     DOWNLOADABLE_TYPES = %w[
       accessibility
+      api_fuzzing
       archive
       cobertura
       codequality
@@ -194,7 +197,8 @@ module Ci
       requirements: 22, ## EE-specific
       coverage_fuzzing: 23, ## EE-specific
       browser_performance: 24, ## EE-specific
-      load_performance: 25 ## EE-specific
+      load_performance: 25, ## EE-specific
+      api_fuzzing: 26 ## EE-specific
     }
 
     # `file_location` indicates where actual files are stored.

doc/api/graphql/reference/gitlab_schema.graphql

@@ -16614,6 +16614,11 @@ type ScannedResourceEdge {
 Represents summary of a security report
 """
 type SecurityReportSummary {
+  """
+  Aggregated counts for the api_fuzzing scan
+  """
+  apiFuzzing: SecurityReportSummarySection
+
   """
   Aggregated counts for the container_scanning scan
   """
@@ -16694,6 +16699,7 @@ type SecurityReportSummarySection {
 The type of the security scanner
 """
 enum SecurityScannerType {
+  API_FUZZING
   CONTAINER_SCANNING
   COVERAGE_FUZZING
   DAST
@@ -20096,7 +20102,7 @@ type Vulnerability implements Noteable {
   """
   Type of the security report that found the vulnerability (SAST,
   DEPENDENCY_SCANNING, CONTAINER_SCANNING, DAST, SECRET_DETECTION,
-  COVERAGE_FUZZING)
+  COVERAGE_FUZZING, API_FUZZING)
   """
   reportType: VulnerabilityReportType
 
@@ -20559,6 +20565,7 @@ type VulnerabilityPermissions {
 The type of the security scan that found the vulnerability
 """
 enum VulnerabilityReportType {
+  API_FUZZING
   CONTAINER_SCANNING
   COVERAGE_FUZZING
   DAST

doc/api/graphql/reference/gitlab_schema.json

@@ -48052,6 +48052,20 @@
           "name": "SecurityReportSummary",
           "description": "Represents summary of a security report",
           "fields": [
+            {
+              "name": "apiFuzzing",
+              "description": "Aggregated counts for the api_fuzzing scan",
+              "args": [
+
+              ],
+              "type": {
+                "kind": "OBJECT",
+                "name": "SecurityReportSummarySection",
+                "ofType": null
+              },
+              "isDeprecated": false,
+              "deprecationReason": null
+            },
             {
               "name": "containerScanning",
               "description": "Aggregated counts for the container_scanning scan",
@@ -48295,6 +48309,12 @@
               "description": null,
               "isDeprecated": false,
               "deprecationReason": null
+            },
+            {
+              "name": "API_FUZZING",
+              "description": null,
+              "isDeprecated": false,
+              "deprecationReason": null
             }
           ],
           "possibleTypes": null
@@ -58322,7 +58342,7 @@
             },
             {
               "name": "reportType",
-              "description": "Type of the security report that found the vulnerability (SAST, DEPENDENCY_SCANNING, CONTAINER_SCANNING, DAST, SECRET_DETECTION, COVERAGE_FUZZING)",
+              "description": "Type of the security report that found the vulnerability (SAST, DEPENDENCY_SCANNING, CONTAINER_SCANNING, DAST, SECRET_DETECTION, COVERAGE_FUZZING, API_FUZZING)",
               "args": [
 
               ],
@@ -59773,6 +59793,12 @@
               "description": null,
               "isDeprecated": false,
               "deprecationReason": null
+            },
+            {
+              "name": "API_FUZZING",
+              "description": null,
+              "isDeprecated": false,
+              "deprecationReason": null
             }
           ],
           "possibleTypes": null

doc/api/graphql/reference/index.md

@@ -2244,6 +2244,7 @@ Represents summary of a security report.
 
 | Field | Type | Description |
 | ----- | ---- | ----------- |
+| `apiFuzzing` | SecurityReportSummarySection | Aggregated counts for the api_fuzzing scan |
 | `containerScanning` | SecurityReportSummarySection | Aggregated counts for the container_scanning scan |
 | `coverageFuzzing` | SecurityReportSummarySection | Aggregated counts for the coverage_fuzzing scan |
 | `dast` | SecurityReportSummarySection | Aggregated counts for the dast scan |
@@ -2805,7 +2806,7 @@ Represents a vulnerability.
 | `location` | VulnerabilityLocation | Location metadata for the vulnerability. Its fields depend on the type of security scan that found the vulnerability |
 | `primaryIdentifier` | VulnerabilityIdentifier | Primary identifier of the vulnerability. |
 | `project` | Project | The project on which the vulnerability was found |
-| `reportType` | VulnerabilityReportType | Type of the security report that found the vulnerability (SAST, DEPENDENCY_SCANNING, CONTAINER_SCANNING, DAST, SECRET_DETECTION, COVERAGE_FUZZING) |
+| `reportType` | VulnerabilityReportType | Type of the security report that found the vulnerability (SAST, DEPENDENCY_SCANNING, CONTAINER_SCANNING, DAST, SECRET_DETECTION, COVERAGE_FUZZING, API_FUZZING) |
 | `resolvedOnDefaultBranch` | Boolean! | Indicates whether the vulnerability is fixed on the default branch or not |
 | `scanner` | VulnerabilityScanner | Scanner metadata for the vulnerability. |
 | `severity` | VulnerabilitySeverity | Severity of the vulnerability (INFO, UNKNOWN, LOW, MEDIUM, HIGH, CRITICAL) |
@@ -3539,6 +3540,7 @@ The type of the security scanner.
 
 | Value | Description |
 | ----- | ----------- |
+| `API_FUZZING` |  |
 | `CONTAINER_SCANNING` |  |
 | `COVERAGE_FUZZING` |  |
 | `DAST` |  |
@@ -3723,6 +3725,7 @@ The type of the security scan that found the vulnerability.
 
 | Value | Description |
 | ----- | ----------- |
+| `API_FUZZING` |  |
 | `CONTAINER_SCANNING` |  |
 | `COVERAGE_FUZZING` |  |
 | `DAST` |  |

ee/app/controllers/ee/projects/merge_requests_controller.rb

@@ -15,7 +15,9 @@ module EE
 
         before_action :whitelist_query_limiting_ee_merge, only: [:merge]
         before_action :authorize_read_pipeline!, only: [:container_scanning_reports, :dependency_scanning_reports,
-                                                        :sast_reports, :secret_detection_reports, :dast_reports, :metrics_reports, :coverage_fuzzing_reports]
+                                                        :sast_reports, :secret_detection_reports, :dast_reports,
+                                                        :metrics_reports, :coverage_fuzzing_reports,
+                                                        :api_fuzzing_reports]
         before_action :authorize_read_licenses!, only: [:license_scanning_reports]
 
         feature_category :code_review, [:delete_description_version, :description_diff]
@@ -60,6 +62,10 @@ module EE
         reports_response(merge_request.compare_coverage_fuzzing_reports(current_user), head_pipeline)
       end
 
+      def api_fuzzing_reports
+        reports_response(merge_request.compare_api_fuzzing_reports(current_user), head_pipeline)
+      end
+
       private
 
       def whitelist_query_limiting_ee_merge

ee/app/finders/security/security_jobs_finder.rb

@@ -13,7 +13,7 @@
 module Security
   class SecurityJobsFinder < JobsFinder
     def self.allowed_job_types
-      [:sast, :dast, :dependency_scanning, :container_scanning, :secret_detection, :coverage_fuzzing]
+      [:sast, :dast, :dependency_scanning, :container_scanning, :secret_detection, :coverage_fuzzing, :api_fuzzing]
     end
   end
 end

ee/app/graphql/types/vulnerability_location_type.rb

@@ -20,7 +20,7 @@ module Types
         VulnerabilityLocation::ContainerScanningType
       when 'dependency_scanning'
         VulnerabilityLocation::DependencyScanningType
-      when 'dast'
+      when 'dast', 'api_fuzzing'
         VulnerabilityLocation::DastType
       when 'sast'
         VulnerabilityLocation::SastType

ee/app/models/ee/ci/build.rb

@@ -16,7 +16,8 @@ module EE
         dependency_scanning: :dependency_scanning,
         container_scanning: :container_scanning,
         dast: :dast,
-        coverage_fuzzing: :coverage_fuzzing
+        coverage_fuzzing: :coverage_fuzzing,
+        api_fuzzing: :api_fuzzing
       }.with_indifferent_access.freeze
 
       EE_RUNNER_FEATURES = {

ee/app/models/ee/ci/job_artifact.rb

@@ -11,7 +11,7 @@ module EE
     prepended do
       after_destroy :log_geo_deleted_event
 
-      SECURITY_REPORT_FILE_TYPES = %w[sast secret_detection dependency_scanning container_scanning dast coverage_fuzzing].freeze
+      SECURITY_REPORT_FILE_TYPES = %w[sast secret_detection dependency_scanning container_scanning dast coverage_fuzzing api_fuzzing].freeze
       LICENSE_SCANNING_REPORT_FILE_TYPES = %w[license_management license_scanning].freeze
       DEPENDENCY_LIST_REPORT_FILE_TYPES = %w[dependency_scanning].freeze
       METRICS_REPORT_FILE_TYPES = %w[metrics].freeze
@@ -21,6 +21,7 @@ module EE
       DAST_REPORT_TYPES = %w[dast].freeze
       REQUIREMENTS_REPORT_FILE_TYPES = %w[requirements].freeze
       COVERAGE_FUZZING_REPORT_TYPES = %w[coverage_fuzzing].freeze
+      API_FUZZING_REPORT_TYPES = %w[api_fuzzing].freeze
       BROWSER_PERFORMANCE_REPORT_FILE_TYPES = %w[browser_performance performance].freeze
 
       scope :project_id_in, ->(ids) { where(project_id: ids) }
@@ -63,6 +64,10 @@ module EE
       scope :coverage_fuzzing_reports, -> do
         with_file_types(COVERAGE_FUZZING_REPORT_TYPES)
       end
+
+      scope :api_fuzzing_reports, -> do
+        with_file_types(API_FUZZING_REPORT_TYPES)
+      end
     end
 
     class_methods do

ee/app/models/ee/ci/pipeline.rb

@@ -51,7 +51,8 @@ module EE
           license_scanning: %i[license_scanning],
           metrics: %i[metrics_reports],
           requirements: %i[requirements],
-          coverage_fuzzing: %i[coverage_fuzzing]
+          coverage_fuzzing: %i[coverage_fuzzing],
+          api_fuzzing: %i[api_fuzzing]
         }.freeze
 
         state_machine :status do

ee/app/models/ee/merge_request.rb

@@ -164,7 +164,8 @@ module EE
         dependency_scanning: report_type_enabled?(:dependency_scanning),
         license_scanning: report_type_enabled?(:license_scanning),
         coverage_fuzzing: report_type_enabled?(:coverage_fuzzing),
-        secret_detection: report_type_enabled?(:secret_detection)
+        secret_detection: report_type_enabled?(:secret_detection),
+        api_fuzzing: report_type_enabled?(:api_fuzzing)
       }
     end
 
@@ -248,6 +249,12 @@ module EE
       compare_reports(::Ci::CompareSecurityReportsService, current_user, 'coverage_fuzzing')
     end
 
+    def compare_api_fuzzing_reports(current_user)
+      return missing_report_error('api fuzzing') unless has_api_fuzzing_reports?
+
+      compare_reports(::Ci::CompareSecurityReportsService, current_user, 'api_fuzzing')
+    end
+
     def synchronize_approval_rules_from_target_project
       return if merged?
 

ee/app/models/ee/namespace.rb

@@ -338,7 +338,8 @@ module EE
       feature_available?(:dependency_scanning) ||
       feature_available?(:container_scanning) ||
       feature_available?(:dast) ||
-      feature_available?(:coverage_fuzzing)
+      feature_available?(:coverage_fuzzing) ||
+      feature_available?(:api_fuzzing)
     end
 
     def free_plan?

ee/app/models/security/scan.rb

@@ -19,7 +19,8 @@ module Security
       container_scanning: 3,
       dast: 4,
       secret_detection: 5,
-      coverage_fuzzing: 6
+      coverage_fuzzing: 6,
+      api_fuzzing: 7
     }
 
     delegate :project, to: :build

ee/app/models/vulnerabilities/feedback.rb

@@ -15,7 +15,7 @@ module Vulnerabilities
     attr_accessor :vulnerability_data
 
     enum feedback_type: { dismissal: 0, issue: 1, merge_request: 2 }, _prefix: :for
-    enum category: { sast: 0, dependency_scanning: 1, container_scanning: 2, dast: 3, secret_detection: 4, coverage_fuzzing: 5 }
+    enum category: { sast: 0, dependency_scanning: 1, container_scanning: 2, dast: 3, secret_detection: 4, coverage_fuzzing: 5, api_fuzzing: 6 }
 
     validates :project, presence: true
     validates :author, presence: true

ee/app/models/vulnerabilities/finding.rb

@@ -58,7 +58,8 @@ module Vulnerabilities
       container_scanning: 2,
       dast: 3,
       secret_detection: 4,
-      coverage_fuzzing: 5
+      coverage_fuzzing: 5,
+      api_fuzzing: 6
     }.with_indifferent_access.freeze
 
     enum confidence: CONFIDENCE_LEVELS, _prefix: :confidence

ee/app/presenters/projects/security/configuration_presenter.rb

@@ -18,7 +18,8 @@ module Projects
         license_scanning: 'user/compliance/license_compliance/index',
         sast: 'user/application_security/sast/index',
         secret_detection: 'user/application_security/secret_detection/index',
-        coverage_fuzzing: 'user/application_security/coverage_fuzzing/index'
+        coverage_fuzzing: 'user/application_security/coverage_fuzzing/index',
+        api_fuzzing: 'user/application_security/api_fuzzing/index'
       }.freeze
 
       def self.localized_scan_descriptions
@@ -31,7 +32,8 @@ module Projects
           license_scanning: _('Search your project dependencies for their licenses and apply policies.'),
           sast: _('Analyze your source code for known vulnerabilities.'),
           secret_detection: _('Analyze your source code and git history for secrets.'),
-          coverage_fuzzing: _('Find bugs in your code with coverage-guided fuzzing.')
+          coverage_fuzzing: _('Find bugs in your code with coverage-guided fuzzing.'),
+          api_fuzzing: _('Find bugs in your code with API fuzzing.')
         }.freeze
       end
 
@@ -45,7 +47,8 @@ module Projects
           license_scanning: _('License Compliance'),
           sast: _('Static Application Security Testing (SAST)'),
           secret_detection: _('Secret Detection'),
-          coverage_fuzzing: _('Coverage Fuzzing')
+          coverage_fuzzing: _('Coverage Fuzzing'),
+          api_fuzzing: _('API Fuzzing')
         }.freeze
       end
 

ee/changelogs/unreleased/258203-add-api-fuzzing-report.yml

+---
+title: Add API Fuzzing report type (backend)
+merge_request: 43763
+author:
+type: added

ee/lib/ee/gitlab/ci/parsers.rb

@@ -15,6 +15,7 @@ module EE
                 container_scanning: ::Gitlab::Ci::Parsers::Security::ContainerScanning,
                 dast: ::Gitlab::Ci::Parsers::Security::Dast,
                 sast: ::Gitlab::Ci::Parsers::Security::Sast,
+                api_fuzzing: ::Gitlab::Ci::Parsers::Security::Dast,
                 coverage_fuzzing: ::Gitlab::Ci::Parsers::Security::CoverageFuzzing,
                 secret_detection: ::Gitlab::Ci::Parsers::Security::SecretDetection,
                 metrics: ::Gitlab::Ci::Parsers::Metrics::Generic,

ee/spec/controllers/projects/security/configuration_controller_spec.rb

@@ -29,7 +29,7 @@ RSpec.describe Projects::Security::ConfigurationController do
       it 'responds in json format when requested' do
         get :show, params: { namespace_id: project.namespace, project_id: project, format: :json }
 
-        types = %w(sast dast dast_profiles dependency_scanning container_scanning secret_detection coverage_fuzzing license_scanning)
+        types = %w(sast dast dast_profiles dependency_scanning container_scanning secret_detection coverage_fuzzing license_scanning api_fuzzing)
 
         expect(response).to have_gitlab_http_status(:ok)
         expect(json_response['features'].map { |f| f['type'] }).to match_array(types)

ee/spec/factories/ci/builds.rb

@@ -6,7 +6,7 @@ FactoryBot.define do
       failure_reason { Ci::Build.failure_reasons[:protected_environment_failure] }
     end
 
-    %i[codequality container_scanning dast dependency_scanning license_management license_scanning performance browser_performance load_performance sast secret_detection coverage_fuzzing].each do |report_type|
+    %i[api_fuzzing codequality container_scanning dast dependency_scanning license_management license_scanning performance browser_performance load_performance sast secret_detection coverage_fuzzing].each do |report_type|
       trait "legacy_#{report_type}".to_sym do
         success
         artifacts
@@ -133,5 +133,11 @@ FactoryBot.define do
         build.job_artifacts << create(:ee_ci_job_artifact, :coverage_fuzzing, job: build)
       end
     end
+
+    trait :api_fuzzing_report do
+      after(:build) do |build|
+        build.job_artifacts << create(:ee_ci_job_artifact, :api_fuzzing, job: build)
+      end
+    end
   end
 end

ee/spec/factories/ci/job_artifacts.rb

@@ -413,5 +413,16 @@ FactoryBot.define do
           'application/json')
       end
     end
+
+    trait :api_fuzzing do
+      file_format { :raw }
+      file_type { :api_fuzzing }
+
+      after(:build) do |artifact, _|
+        artifact.file = fixture_file_upload(
+          Rails.root.join('ee/spec/fixtures/security_reports/master/gl-api-fuzzing-report.json'),
+          'application/json')
+      end
+    end
   end
 end

ee/spec/factories/ci/pipelines.rb

@@ -2,7 +2,7 @@
 
 FactoryBot.define do
   factory :ee_ci_pipeline, class: 'Ci::Pipeline', parent: :ci_pipeline do
-    %i[browser_performance codequality container_scanning coverage_fuzzing dast dependency_list dependency_scanning license_management license_scanning load_performance sast secret_detection].each do |report_type|
+    %i[api_fuzzing browser_performance codequality container_scanning coverage_fuzzing dast dependency_list dependency_scanning license_management license_scanning load_performance sast secret_detection].each do |report_type|
       trait "with_#{report_type}_report".to_sym do
         status { :success }
 

ee/spec/fixtures/api/schemas/vulnerability_feedback.json

@@ -32,7 +32,7 @@
     },
     "category": {
       "type": "string",
-      "enum": ["sast", "dependency_scanning", "container_scanning", "dast", "coverage_fuzzing"]
+      "enum": ["sast", "dependency_scanning", "container_scanning", "dast", "coverage_fuzzing", "api_fuzzing"]
     },
     "project_fingerprint": { "type": "string" },
     "branch": { "type": ["string", "null"] },

ee/spec/fixtures/lib/gitlab/import_export/complex/project.json

@@ -31,6 +31,7 @@
     "auto_fix_dast": true,
     "auto_fix_dependency_scanning": false,
     "auto_fix_sast": false,
-    "auto_fix_coverage_fuzzing": false
+    "auto_fix_coverage_fuzzing": false,
+    "auto_fix_api_fuzzing": false
   }
 }

ee/spec/fixtures/lib/gitlab/import_export/complex/tree/project.json

-{"security_setting": {"auto_fix_container_scanning": true,"auto_fix_dast": true,"auto_fix_dependency_scanning": false,"auto_fix_sast": false, "auto_fix_coverage":  false}}
+{"security_setting": {"auto_fix_container_scanning": true,"auto_fix_dast": true,"auto_fix_dependency_scanning": false,"auto_fix_sast": false, "auto_fix_coverage":  false, "auto_fix_api_fuzzing": false}}

ee/spec/graphql/types/security_scanner_type_enum_spec.rb

@@ -4,6 +4,6 @@ require 'spec_helper'
 
 RSpec.describe GitlabSchema.types['SecurityScannerType'] do
   it 'exposes all security scanner types' do
-    expect(described_class.values.keys).to contain_exactly(*%w[CONTAINER_SCANNING COVERAGE_FUZZING DAST DEPENDENCY_SCANNING SAST SECRET_DETECTION])
+    expect(described_class.values.keys).to match_array(%w[API_FUZZING CONTAINER_SCANNING COVERAGE_FUZZING DAST DEPENDENCY_SCANNING SAST SECRET_DETECTION])
   end
 end

ee/spec/graphql/types/vulnerability_report_type_enum_spec.rb

@@ -4,6 +4,6 @@ require 'spec_helper'
 
 RSpec.describe GitlabSchema.types['VulnerabilityReportType'] do
   it 'exposes all vulnerability report types' do
-    expect(described_class.values.keys).to contain_exactly(*%w[SAST SECRET_DETECTION DAST CONTAINER_SCANNING DEPENDENCY_SCANNING COVERAGE_FUZZING])
+    expect(described_class.values.keys).to match_array(%w[SAST SECRET_DETECTION DAST CONTAINER_SCANNING DEPENDENCY_SCANNING COVERAGE_FUZZING API_FUZZING])
   end
 end

ee/spec/lib/ee/gitlab/usage_data_spec.rb

@@ -535,6 +535,8 @@ RSpec.describe Gitlab::UsageData do
         secret_detection_scans: 0,
         coverage_fuzzing_pipeline: 0,
         coverage_fuzzing_scans: 0,
+        api_fuzzing_pipeline: 0,
+        api_fuzzing_scans: 0,
         user_unique_users_all_secure_scanners: 1
       )
     end
@@ -586,13 +588,15 @@ RSpec.describe Gitlab::UsageData do
         dast_pipeline: 0,
         secret_detection_pipeline: 1,
         coverage_fuzzing_pipeline: 0,
+        api_fuzzing_pipeline: 0,
         user_unique_users_all_secure_scanners: 1,
         sast_scans: 0,
         dependency_scanning_scans: 2,
         container_scanning_scans: 1,
         dast_scans: 0,
         secret_detection_scans: 1,
-        coverage_fuzzing_scans: 0
+        coverage_fuzzing_scans: 0,
+        api_fuzzing_scans: 0
       )
     end
 
@@ -624,6 +628,8 @@ RSpec.describe Gitlab::UsageData do
         secret_detection_scans: 0,
         coverage_fuzzing_pipeline: 0,
         coverage_fuzzing_scans: 0,
+        api_fuzzing_pipeline: 0,
+        api_fuzzing_scans: 0,
         user_unique_users_all_secure_scanners: 3
       )
     end
@@ -654,6 +660,8 @@ RSpec.describe Gitlab::UsageData do
         secret_detection_scans: 0,
         coverage_fuzzing_pipeline: 0,
         coverage_fuzzing_scans: 0,
+        api_fuzzing_pipeline: 0,
+        api_fuzzing_scans: 0,
         user_unique_users_all_secure_scanners: 1
       )
     end
@@ -684,6 +692,8 @@ RSpec.describe Gitlab::UsageData do
         secret_detection_scans: -1,
         coverage_fuzzing_pipeline: -1,
         coverage_fuzzing_scans: -1,
+        api_fuzzing_pipeline: -1,
+        api_fuzzing_scans: -1,
         user_unique_users_all_secure_scanners: -1
       )
     end

ee/spec/models/ee/vulnerability_spec.rb

@@ -16,7 +16,8 @@ RSpec.describe Vulnerability do
       container_scanning: 2,
       dast: 3,
       secret_detection: 4,
-      coverage_fuzzing: 5 }
+      coverage_fuzzing: 5,
+      api_fuzzing: 6 }
   end
 
   it { is_expected.to define_enum_for(:state).with_values(state_values) }
@@ -306,12 +307,13 @@ RSpec.describe Vulnerability do
     let_it_be(:vulnerability_secret_detection) { create(:vulnerability, :secret_detection) }
     let_it_be(:vulnerability_sast) { create(:vulnerability, :sast) }
     let_it_be(:vulnerability_coverage_fuzzing) { create(:vulnerability, :coverage_fuzzing) }
+    let_it_be(:vulnerability_api_fuzzing) { create(:vulnerability, :api_fuzzing) }
 
     describe 'asc' do
       subject { described_class.order_report_type_asc }
 
       it 'returns vulnerabilities ordered by report_type' do
-        is_expected.to eq([vulnerability_coverage_fuzzing, vulnerability_dast, vulnerability_sast, vulnerability_secret_detection])
+        is_expected.to eq([vulnerability_api_fuzzing, vulnerability_coverage_fuzzing, vulnerability_dast, vulnerability_sast, vulnerability_secret_detection])
       end
     end
 
@@ -319,7 +321,7 @@ RSpec.describe Vulnerability do
       subject { described_class.order_report_type_desc }
 
       it 'returns vulnerabilities ordered by report_type' do
-        is_expected.to eq([vulnerability_secret_detection, vulnerability_sast, vulnerability_dast, vulnerability_coverage_fuzzing])
+        is_expected.to eq([vulnerability_secret_detection, vulnerability_sast, vulnerability_dast, vulnerability_coverage_fuzzing, vulnerability_api_fuzzing])
       end
     end
   end

ee/spec/presenters/projects/security/configuration_presenter_spec.rb

@@ -72,7 +72,8 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
           security_scan(:dependency_scanning, configured: false, auto_dev_ops_enabled: true),
           security_scan(:license_scanning, configured: false, auto_dev_ops_enabled: true),
           security_scan(:secret_detection, configured: true, auto_dev_ops_enabled: true),
-          security_scan(:coverage_fuzzing, configured: false, auto_dev_ops_enabled: true)
+          security_scan(:coverage_fuzzing, configured: false, auto_dev_ops_enabled: true),
+          security_scan(:api_fuzzing, configured: false, auto_dev_ops_enabled: true)
         )
       end
     end
@@ -95,7 +96,8 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
           security_scan(:dependency_scanning, configured: false),
           security_scan(:license_scanning, configured: false),
           security_scan(:secret_detection, configured: false),
-          security_scan(:coverage_fuzzing, configured: false)
+          security_scan(:coverage_fuzzing, configured: false),
+          security_scan(:api_fuzzing, configured: false)
         )
       end
     end
@@ -125,7 +127,8 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
           security_scan(:dependency_scanning, configured: false),
           security_scan(:license_scanning, configured: false),
           security_scan(:secret_detection, configured: true),
-          security_scan(:coverage_fuzzing, configured: false)
+          security_scan(:coverage_fuzzing, configured: false),
+          security_scan(:api_fuzzing, configured: false)
         )
       end
 
@@ -142,7 +145,8 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
           security_scan(:dependency_scanning, configured: false),
           security_scan(:license_scanning, configured: false),
           security_scan(:secret_detection, configured: false),
-          security_scan(:coverage_fuzzing, configured: false)
+          security_scan(:coverage_fuzzing, configured: false),
+          security_scan(:api_fuzzing, configured: false)
         )
       end
 
@@ -165,7 +169,8 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
           security_scan(:dependency_scanning, configured: false),
           security_scan(:license_scanning, configured: false),
           security_scan(:secret_detection, configured: false),
-          security_scan(:coverage_fuzzing, configured: false)
+          security_scan(:coverage_fuzzing, configured: false),
+          security_scan(:api_fuzzing, configured: false)
         )
       end
 
@@ -180,7 +185,8 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
           security_scan(:dependency_scanning, configured: false),
           security_scan(:license_scanning, configured: true),
           security_scan(:secret_detection, configured: true),
-          security_scan(:coverage_fuzzing, configured: false)
+          security_scan(:coverage_fuzzing, configured: false),
+          security_scan(:api_fuzzing, configured: false)
         )
       end
 

lib/gitlab/ci/config/entry/reports.rb

@@ -15,7 +15,7 @@ module Gitlab
             %i[junit codequality sast secret_detection dependency_scanning container_scanning
                dast performance browser_performance load_performance license_management license_scanning metrics lsif
                dotenv cobertura terraform accessibility cluster_applications
-               requirements coverage_fuzzing].freeze
+               requirements coverage_fuzzing api_fuzzing].freeze
 
           attributes ALLOWED_KEYS
 
@@ -25,6 +25,7 @@ module Gitlab
 
             with_options allow_nil: true do
               validates :junit, array_of_strings_or_string: true
+              validates :api_fuzzing, array_of_strings_or_string: true
               validates :coverage_fuzzing, array_of_strings_or_string: true
               validates :sast, array_of_strings_or_string: true
               validates :sast, array_of_strings_or_string: true

locale/gitlab.pot

@@ -1299,6 +1299,9 @@ msgstr ""
 msgid "ACTION REQUIRED: Something went wrong while obtaining the Let's Encrypt certificate for GitLab Pages domain '%{domain}'"
 msgstr ""
 
+msgid "API Fuzzing"
+msgstr ""
+
 msgid "API Help"
 msgstr ""
 
@@ -11302,6 +11305,9 @@ msgstr ""
 msgid "Find File"
 msgstr ""
 
+msgid "Find bugs in your code with API fuzzing."
+msgstr ""
+
 msgid "Find bugs in your code with coverage-guided fuzzing."
 msgstr ""
 

spec/services/ci/retry_build_service_spec.rb

@@ -46,7 +46,8 @@ RSpec.describe Ci::RetryBuildService do
        job_variables waiting_for_resource_at job_artifacts_metrics_referee
        job_artifacts_network_referee job_artifacts_dotenv
        job_artifacts_cobertura needs job_artifacts_accessibility
-       job_artifacts_requirements job_artifacts_coverage_fuzzing].freeze
+       job_artifacts_requirements job_artifacts_coverage_fuzzing
+       job_artifacts_api_fuzzing].freeze
 
   ignore_accessors =
     %i[type lock_version target_url base_tags trace_sections